# NixOS module for a container image (packed as a tarball for Proxmox):
# systemd-networkd networking with a static resolv.conf, unsandboxed Nix
# builds, journalbeat log shipping to a central logstash, and sshd for
# remote deployment.
#
# Module arguments: `hostRegistry` is a project-supplied attribute set of
# which only `hostRegistry.hosts.logging.ip4` is read here; the others are
# the standard NixOS module arguments.
{ hostRegistry, config, pkgs, lib, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/docker-container.nix")
  ];

  # DNS: the host's resolv.conf is not taken over and systemd-resolved is
  # disabled further down, so /etc/resolv.conf is rendered statically as one
  # "nameserver" line per entry of `networking.nameservers` (set below).
  # NOTE(review): `networkmanager.dns` presumably only takes effect when
  # NetworkManager is enabled, which this module does not do — confirm it is
  # intentional rather than left over.
  networking.networkmanager.dns = "unbound";
  networking.useHostResolvConf = false;
  environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''
    nameserver ${ns}
  '') config.networking.nameservers;

  # Nix builds run without the build sandbox — presumably because the
  # namespaces it needs are unavailable inside the container. This drops the
  # isolation between a build and the rest of the container filesystem, so
  # only trusted derivations should be built here.
  # Job/core counts are `mkDefault` so a more specific module can override them.
  nix.useSandbox = false;
  nix.maxJobs = lib.mkDefault 1;
  nix.buildCores = lib.mkDefault 4;

  # networkd manages the interfaces; DHCP is off globally and resolved is off
  # so the static resolv.conf above stays authoritative. No IPv4 address is
  # declared in this module at all — presumably the container host assigns
  # it; confirm against the host side.
  networking.useNetworkd = true;
  networking.useDHCP = false;
  services.resolved.enable = false;
  # First entry is an internal resolver, second is a public fallback.
  networking.nameservers =
    [ "172.20.73.8" "9.9.9.9" ];

  networking.interfaces.eth0 = {
    useDHCP = false;
    # No temporary (privacy) IPv6 addresses, so the container keeps a single
    # stable address — easier to pin in firewall rules and log sources.
    tempAddress = "disabled";
  };
  # eth0 gets its IPv6 configuration from router advertisements and only
  # IPv6 link-local addressing is enabled by networkd itself.
  systemd.network.networks."40-eth0"
    .networkConfig = {
      IPv6AcceptRA = true;
      LinkLocalAddressing = "ipv6";
    };

  boot.isContainer = true;

  # /sbin/init
  # The container is entered through the generated init script rather than a
  # bootloader, so GRUB is disabled.
  boot.loader.initScript.enable = true;
  boot.loader.grub.enable = false;

  # Create a few files early before packing tarball for Proxmox
  # architecture/OS detection.
  # Provides /bin/sh (bash) and /sbin/init (relative link to the system's
  # init) inside the system closure so they exist in the packed rootfs.
  system.extraSystemBuilderCmds = ''
    mkdir -m 0755 -p $out/bin
    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
    mkdir -m 0755 -p $out/sbin
    ln -s ../init $out/sbin/init
  '';

  # The container root is the rootfs provided by the host, not a block device.
  fileSystems."/" = {
    fsType = "rootfs";
    device = "rootfs";
  };

  # add central logging
  # Ships the local journal (including kernel messages) to logstash on the
  # logging host from hostRegistry, resuming from a persisted cursor.
  # NOTE(review): no `ssl.*` keys are set under output.logstash, so the
  # journal leaves the container in cleartext on port 5044 unless the path to
  # the logging host is protected by other means — confirm.
  services.journalbeat = {
    enable = true;
    tags = [ "container" ];
    extraConfig = ''
      journalbeat.inputs:
        # Paths that should be crawled and fetched. Possible values files and directories.
        # When setting a directory, all journals under it are merged.
        # When empty starts to read from local journal.
        - paths: []
      journalbeat:
        seek_position: cursor
        cursor_seek_fallback: tail
        write_cursor_state: true
        cursor_flush_period: 5s
        clean_field_names: true
        convert_to_numbers: false
        move_metadata_to_field: journal
        default_type: journal
        kernel: true
      output.logstash:
        # Boolean flag to enable or disable the output module.
        enabled: true
        hosts: ["${hostRegistry.hosts.logging.ip4}:5044"]
    '';
  };

  # Required for remote deployment
  # NOTE(review): this module sets no sshd options beyond enabling the
  # service (authentication method, permitted users); confirm those are
  # configured by another module in the same system.
  services.openssh.enable = true;
}